The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website. Users who set their AirTags to lost mode are prompted to provide a contact phone number for finders to call. In September 2021, security researcher Brian Krebs noted that the phone number field will actually accept any type of input, including arbitrary computer code, opening up the potential use of AirTags as Trojan horse devices.

The Customer shall own any and all Customer Data and shall be solely responsible for the accuracy and quality of any and all Customer Data and for establishing all terms and conditions applicable to the Customer’s own customers or employees. The Customer shall ensure that the Customer is entitled to transfer the Customer Data to GitGuardian so that GitGuardian may lawfully use, process and transfer the Customer Data in accordance with this Agreement on the Customer’s behalf.
Many of the people we worked with were at high risk if they were being stalked. So reports of such happening would need to be carefully checked out. Because I have family on three continents and because I also collaborate quite closely with several colleagues abroad, I often find myself shipping something internationally.
AirTags are doing the same thing that others have done in the past. There is increased risk due to the fact that they are more popular than the others, but this is greatly offset by the safeguards Apple is building into their ecosystem, which other products are not (yet?) doing. Will the anti-stalking measures to make AirTags more noticeable to others when away from their owners cause problems when the owner is using the AirTag to trace luggage or packages shipped? I’ve used airline apps to track my bags for many years, but they only have city-level granularity – they tell you which plane or airport has your bag, but they stop there.
The finder of a lost tag is not seeing the suspicious phishing URL when they are scanning the tag, because the URL is always going to be that Apple-owned website.

JamminJ September 28, 2021: Yes, this is a serious bug in Apple’s web site, to allow XSS in the phone number field.

The risk, of course, is that some researchers may decide it’s less of a hassle to sell their exploits to vulnerability brokers, or on the darknet — both of which often pay far more than bug bounty awards. Consider the scenario where an attacker drops a malware-laden USB flash drive in the parking lot of a company he wants to hack into.
It appears Adobe has automatically enrolled Creative Cloud users into a ‘Content analysis’ program, which allows the company to use media in users’ Creative Cloud library to train its machine learning features and tools. I did install this update and sometimes security updates are really needed. People, just update your OS whenever there is any statement related to security. Part of good security practices is keeping your security/protection current by patching any known vulnerabilities.